| # |
| # Licensed to the Apache Software Foundation (ASF) under one |
| # or more contributor license agreements. See the NOTICE file |
| # distributed with this work for additional information |
| # regarding copyright ownership. The ASF licenses this file |
| # to you under the Apache License, Version 2.0 (the |
| # "License"); you may not use this file except in compliance |
| # with the License. You may obtain a copy of the License at |
| # |
| # http://www.apache.org/licenses/LICENSE-2.0 |
| # |
| # Unless required by applicable law or agreed to in writing, |
| # software distributed under the License is distributed on an |
| # "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY |
| # KIND, either express or implied. See the License for the |
| # specific language governing permissions and limitations |
| # under the License. |
| # |
| |
| configs: |
| - name: zookeeperServers |
| description: The ZooKeeper quorum connection string (as a comma-separated list) |
| - name: configurationStoreServers |
| description: Configuration store connection string (as a comma-separated list) |
| - name: zookeeperSessionTimeoutMs |
| default: 30000 |
| description: ZooKeeper session timeout (in milliseconds) |
| - name: servicePort |
| default: 6650 |
| description: The port to use for server binary Protobuf requests |
| - name: servicePortTls |
| default: 6651 |
| description: The port to use to server binary Protobuf TLS requests |
| - name: statusFilePath |
| description: Path for the file used to determine the rotation status for the proxy instance when responding to service discovery health checks |
| - name: authenticationEnabled |
| default: "false" |
| description: Whether authentication is enabled for the Pulsar proxy |
| - name: authenticationProviders |
| description: Authentication provider name list (a comma-separated list of class names) |
| - name: authorizationEnabled |
| default: "false" |
| description: Whether authorization is enforced by the Pulsar proxy |
| - name: authorizationProvider |
| default: org.apache.pulsar.broker.authorization.PulsarAuthorizationProvider |
| description: Authorization provider as a fully qualified class name |
| - name: brokerClientAuthenticationPlugin |
| description: The authentication plugin used by the Pulsar proxy to authenticate with Pulsar brokers |
| - name: brokerClientAuthenticationParameters |
| description: The authentication parameters used by the Pulsar proxy to authenticate with Pulsar brokers |
| - name: brokerClientTrustCertsFilePath |
| description: The path to trusted certificates used by the Pulsar proxy to authenticate with Pulsar brokers |
| - name: superUserRoles |
| description: Role names that are treated as "super-users," meaning that they will be able to perform all admin |
| - name: forwardAuthorizationCredentials |
| default: "false" |
| description: Whether client authorization credentials are forwared to the broker for re-authorization. Authentication must be enabled via `authenticationEnabled=true` for this to take effect. |
| - name: maxConcurrentInboundConnections |
| default: 10000 |
| description: Max concurrent inbound connections. The proxy will reject requests beyond that. |
| - name: maxConcurrentLookupRequests |
| default: 10000 |
| description: Max concurrent outbound connections. The proxy will error out requests beyond that. |
| - name: tlsEnabledInProxy |
| default: "false" |
| description: Whether TLS is enabled for the proxy |
| - name: tlsEnabledWithBroker |
| default: "false" |
| description: Whether TLS is enabled when communicating with Pulsar brokers |
| - name: tlsCertificateFilePath |
| description: Path for the TLS certificate file |
| - name: tlsKeyFilePath |
| description: Path for the TLS private key file |
| - name: tlsTrustCertsFilePath |
| description: Path for the trusted TLS certificate pem file |
| - name: tlsHostnameVerificationEnabled |
| default: "false" |
| description: Whether the hostname is validated when the proxy creates a TLS connection with brokers |
| - name: tlsRequireTrustedClientCertOnConnect |
| default: "false" |
| description: Whether client certificates are required for TLS. Connections are rejected if the client certificate isn't trusted. |